Hal Finney wrote:
Ben Laurie writes:
The sections on calculating signatures are really confusing. I can't
currently suggest alternate text for most of it because its far from
clear to me what the actual algorithms are. If someone explains, I'll do
my best to write clarifying text.
You're right, this is really messed up.
The authoritative section on what to hash is 5.2.4. We should refer
forward to that section and not include detailed information about
what is hashed in the sections on V3 and V4 signature packets.
We should make it clear that the DSA signature algorithm works directly
on the hash value that results from 5.2.4.
We should say that RSA signatures use that hash and prepend the sequence
of bytes identified as the "full hash prefixes". We could probably remove
the hexadecimal equivalents to the ASN.1 OIDs; if someone understands
ASN.1 well then the OIDs are enough, and if not then they can just
follow the rule to prepend the proper byte sequences and that will work.
This then gets padded as in PKCS#1 v1.5 signatures. We should have a
sentence clarifying that this is what gives us the value "m" used in
the signature calculation.
We also need to specify emLen, which I presume (by logic and experiment)
is equal to the RSA key size.
I will send diffs soon. Thanks for the clarification.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff